Apptoto recently identified a security incident that affected a small number of accounts on our platform. Protecting the security of your data is extremely important to us, and we want to explain what happened, what we’ve done in response, and how it may affect you.
What Happened:
- On April 20th, 2024, our system detected a high volume of automated login attempts. These attempts most likely utilized usernames and passwords that had previously been leaked in larger non-Apptoto-related security breaches. Our engineering team quickly responded by implementing rate limits on password attempts, which stopped the suspicious activity by April 21st. Initially, it appeared that no user accounts had been compromised.
- However, further analysis conducted on April 24th revealed that an attacker successfully accessed 8 user accounts during this incident. We have found no evidence that any personal data from these accounts was accessed or stolen, but the attackers did use some compromised accounts to send phishing messages via text.
Actions We Have Taken:
- We have notified the 8 accounts that were compromised.
- We immediately terminated all sessions for the affected accounts and have reset the passwords to strong, secure ones. The affected users have been directly notified and guided through the process to secure their accounts.
- We have reviewed and enhanced our security measures to prevent similar incidents in the future, including improved detection mechanisms and additional rate limiting on login attempts.
What You Can Do:
- We recommend all users to remain vigilant and report any unusual activity in their accounts.
- Please ensure your password is strong and unique, and consider updating it regularly.
- Be cautious of any suspicious texts or emails, especially those asking for personal information.
Need More Information?
- If you have any questions or concerns about this incident or the security of your account, please do not hesitate to contact our dedicated support team at support@apptoto.com.
We sincerely apologize for any inconvenience this may have caused. We are committed to continually enhancing our security measures to protect your information.
Thank you for your understanding and continued support.
